Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Jimdo is a German website builder targeted at small businesses and freelancers, with an AI website builder (Dolphin), a classic editor (Creator) and integrated ecommerce. Hosted in Frankfurt and Dublin, fully under German data protection authority oversight.
Jimdo is a German website builder founded in Hamburg in 2007 and operated by Jimdo GmbH. The product line has three pillars: Jimdo Dolphin (an AI guided builder that generates a complete site from a few questions), Jimdo Creator (a classic block based editor) and Jimdo Shop (integrated ecommerce with checkout, PayPal and SEPA payments). The company is fully European, headquartered in Germany and subject to the German Federal Data Protection Act (BDSG) and the Hamburg DPA as lead authority.
Strictly necessary: JIMDO_SESSION (session, login and editor session), jimdo_locale (1 year, preferred language), _jimdo_csrf (session, anti CSRF token), jimdo_legacy_id (1 year, legacy customer reference). With Jimdo Statistics activated: jimdo_visitor (1 year, anonymous visitor identifier), jimdo_pv_session (session, page view counter). Jimdo offers a built in cookie banner that gates the optional categories. Third party widgets (Google Analytics, Facebook Pixel, Mailchimp) add their own cookies.
The strictly necessary cookies are exempt under ePrivacy art. 5(3) and German TTDSG paragraph 25. Jimdo Statistics and the optional integrations require consent under GDPR art. 6(1)(a). The Jimdo cookie banner widget natively supports the IAB TCF v2.2 signal and the German TTDSG categorisation (technisch erforderlich, statistik, marketing). The email marketing list requires explicit consent under the German UWG for direct marketing.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Jimdo primary hosting runs on AWS Frankfurt (eu-central-1) and Dublin (eu-west-1). Static assets are served from the CloudFront EU edges. Customer billing, account and analytics records remain in the EU. Limited transfers occur to US sub processors for support tools (Zendesk, HubSpot) under the 2021 Standard Contractual Clauses. As a fully German company Jimdo is not subject to the US CLOUD Act on its core infrastructure.
Sign the Jimdo Auftragsverarbeitungsvertrag (DPA), activate the Jimdo cookie banner with the German TTDSG categories, list strictly necessary cookies in the privacy notice, gate Jimdo Statistics and external widgets behind statistik or marketing consent, document the form submission flow with a clear consent text for the email marketing list under UWG and document Jimdo as a sub processor in your record of processing under GDPR art. 30.
Websites using Jimdo must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required for a standard Jimdo website with the strictly necessary cookies only. A DPIA is recommended when Jimdo Statistics, the Jimdo Email Marketing module or third party integrations (Google Analytics, Facebook Pixel, Mailchimp) are activated. The DPIA should document the EU hosting commitment, the retention of the visitor analytics data, the consent flow on the Jimdo cookie banner and the legal basis for the email marketing list collected by forms.
Sample consent text
Our website is built with Jimdo and hosted by Jimdo GmbH in Hamburg (Germany), with infrastructure in AWS Frankfurt and Dublin. Strictly necessary cookies (JIMDO_SESSION, jimdo_locale, _jimdo_csrf) keep the site working. With your consent we activate Jimdo Statistics and any external widget such as Google Analytics, Facebook Pixel or Mailchimp. Your data stays in the European Union by default. You can accept, refuse or withdraw at any time.
Third-party domains contacted
jimdo.comjimdo.dejimdosite.compage.jimdo-app.comstatic.jimdo-static.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| JIMDO_SESSION | First party (Jimdo) | Session | Login and editor session token for the Jimdo customer area and the published site |
| jimdo_locale | First party (Jimdo) | 1 year | Stores the visitor preferred language for the Jimdo site |
| _jimdo_csrf | First party (Jimdo) | Session | Anti CSRF token for form submissions on the Jimdo site |
| jimdo_legacy_id | First party (Jimdo) | 1 year | Legacy customer reference used when migrating from the Jimdo Creator to Dolphin |
| jimdo_visitor | First party (Jimdo Statistics, optional) | 1 year | Anonymous visitor identifier used by the optional Jimdo Statistics module |
| jimdo_pv_session | First party (Jimdo Statistics, optional) | Session | Page view counter for the optional Jimdo Statistics module |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
Strictly necessary: JIMDO_SESSION (session), jimdo_locale (1 year), _jimdo_csrf (session), jimdo_legacy_id (1 year). With Jimdo Statistics: jimdo_visitor (1 year, anonymous), jimdo_pv_session (session). Installed widgets add their own cookies.
Strictly necessary cookies do not need consent. Consent is required for Jimdo Statistics, external widgets (Google Analytics, Facebook Pixel, Mailchimp) and email marketing. The Jimdo built in cookie banner handles the categorisation under the German TTDSG.
Legitimate interest and ePrivacy art. 5(3) exemption for session cookies. Contract for form submissions you fulfil. Consent for Jimdo Statistics, marketing widgets and the email marketing list (with UWG explicit opt in for German residents).
No for the core platform. Jimdo hosts on AWS Frankfurt and Dublin. Limited transfers to US sub processors (Zendesk, HubSpot) under SCC 2021 for support. Jimdo is a German company not subject to the US CLOUD Act on its core infrastructure.
Usually no for a standard Jimdo site with strictly necessary cookies. Recommended when Jimdo Statistics, Jimdo Email Marketing or third party widgets are activated.
Sign the Jimdo AVV, activate the Jimdo cookie banner with TTDSG categories, list strictly necessary cookies in the Datenschutzerklärung, gate statistics and external widgets behind consent, document form submission consent under UWG and document Jimdo as a sub processor.
Other EU centric builders: 1&1 IONOS MyWebsite (Germany), Strato Homepage Baukasten (Germany), Webnode (Czech Republic), Hostinger Website Builder (Lithuania), WiX (Israel with EU storage), Squarespace, Wordpress.com. For developers: WordPress self hosted with a German host like Hetzner or Mittwald.
List Jimdo GmbH (Hamburg) as the data processor, declare the strictly necessary cookies and the consent based cookies separately, mention the EU hosting in AWS Frankfurt and Dublin, link to the Jimdo Datenschutzerklärung and provide a DSAR contact via the Jimdo customer area.